Thibault Chatiron

Upcoming behavior change to the “DoNotRewrite” List

With the deployment of the Tenant Allow/Block List, as being the single source of truth for Tenant Allows, other mechanisms for Tenant Allows are being removed. This will give SecOps teams one place to manage all Tenant Allows. Today, “DoNotRewrite” list is used to Skip wrapping URLs Detonation(SONAR) Verdicts. The intended purpose of “DoNotRewrite” is …

Change to soft-deleted period for inactive mailboxes

When all holds and retention policies are removed from an inactive mailbox, it becomes soft-deleted and remains in Exchange for a period of time to allow for recovery before permanent deletion. Based on customer feedback, and to maintain consistency with other solutions, Microsoft will be changing this period to 30 days (from current 183 days). …

[MDO] Password protected download of quarantined messages

With this change Microsoft is giving the ability to password protects items they download from quarantine. Microsoft wants users to be confident that the items they are downloading to their systems will not execute involuntarily without their consent, and this capability will allow them to safely transport the items to external analysis tools. When this …

Custom organization branding for quarantine notification

Microsoft will be adding capabilities to making it possible for Security Operations (SecOps) to customize end user quarantine notifications with their respective organization sender address and custom subject. When this will happen: Standard: will begin rolling out in late August and is expected to be complete by early September. Government: will begin rolling out in …

Microsoft Defender for Cloud Apps – Release 227, 228, 229, 230 & 231

Malware hashes available for SharePoint and OneDrive (Preview)In addition to file hashes available for malware detected in non-Microsoft storage apps, now new malware detection alerts will provide hashes for malware detected in SharePoint and OneDrive. For more information, see Malware detection. SaaS Security Posture Management capabilities for Salesforce and ServiceNowSecurity posture assessments are available for Salesforce …

Rollout of Security Default in Microsoft tenants

Microsoft has begun the rollout of security defaults to existing customers who haven’t yet rolled out security defaults or Azure AD Conditional Access. Microsoft introduced security defaults in October 2019 for new tenants, ensuring that new customers would be created and maintained with basic security hygiene in place – especially MFA and modern auth requirements – regardless …

MDO – Introducing differentiated protection for priority accounts [General Availability]

The April 13, Microsoft announced general availability of differentiated protection for priority accounts, people like executives, leaders, managers, or other users who have access to sensitive, proprietary, or high priority information. With this release, users tagged as priority accounts will receive a higher level of protection against threats. Licences The Priority account protection feature is …

Microsoft Defender for Cloud Apps – Release 226

Improvements in malware detection for non-Microsoft storage appsDefender for Cloud Apps has introduced major improvements in the non-Microsoft storage apps detection mechanism. This will reduce the number of false positive alerts.

Microsoft Defender for Cloud Apps – Release 225

Support for Rome and San Diego ServiceNow versionsThe Defender for Cloud Apps connector for ServiceNow now supports Rome and San Diego versions of ServiceNow. With this update, you can protect the latest versions of ServiceNow using Defender for Cloud Apps. For more information, see Connect ServiceNow to Microsoft Defender for Cloud Apps.

Dynamic administrative units for users & devices [Public Preview]

With dynamic administrative units, you no longer have to manually manage membership of your administrative units (or write your own automation to manage it for you).Indeed, I previously used a custom script in order to populate the Administrative Units with members, and it can take some time to finish… Instead, Azure AD allows you to specify …

Enablement of combined security information registration for Azure Active Directory

In April 2020, the combined security information registration experience for registering both multifactor authentication (MFA) and self-service password reset (SSPR) was released for you to opt in. Upcoming, Microsoft will be making the new combined security information registration experience the default for all tenants. Note: This change will not impact you if your tenant was …

Microsoft Defender for Cloud Apps (formerly MCAS) – Release 222, 223 and 224

Updated severity levels for Defender for Cloud Apps anomaly detectionsThe severity levels for Defender for Cloud Apps built-in anomaly detection alerts are being changed to better reflect the risk level in the event of true positive alerts. The new severity levels can be seen in the policies page: https://portal.cloudappsecurity.com/#/policy

Sensitivity labels now apply to modified documents

If you’ve configured users for a default sensitivity label policy for Office documents, the label you chose will automatically be applied to Word, Excel, and PowerPoint documents you create or modify. Previously, this only applied to new documents only. Note: This update applies to Word, Excel, and PowerPoint on the Web, and Word and PowerPoint on …

Retirement announcement for AIP Audit Logs pipeline forwarding audit logs to Azure Log Analytics workspaces

Microsoft will no longer be onboarding new Log Analytics workspaces to store Azure Information Protection (AIP) audit logs. Note: Customers who have previously configured Log Analytics to store AIP audit logs will continue to receive forwarded audit logs into their workspaces until the data pipeline is fully retired. When this will happen: Microsoft will stop …

[MDO] Some cmdlets will be retired in May 2022

Get-AdvancedThreatProtectionDocumentReport and Get-AdvancedThreatProtectionDocumentDetail will be retired Microsoft will be retiring the Get-AdvancedThreatProtectionDocumentReport and Get-AdvancedThreatProtectionDocumentDetail cmdlet from Microsoft Defender for Office 365. Instead, Microsoft recommends the use of the Get-ContentMalwareMdoAggregateReport | Get-ContentMalwareMdoDetailReport cmdlet. Key points Timing: retirement will begin in early May and is expected to complete by mid-May Action: review and transition to the Get-ContentMalwareMdoAggregateReport …

Microsoft Defender for Cloud Apps (formerly MCAS) – Release 221

Egnyte app connector available in public previewA new app connector for Egnyte is available in public preview. You can now connect Microsoft Defender for Cloud Apps to Atlassian to monitor and protect users and activities. For more information, see Connect Egnyte to Microsoft Defender for Cloud Apps (Preview).

Microsoft Defender for Cloud Apps (formerly MCAS) – Release 220

New Cloud discovery log collectorThe Cloud Discovery log collector has been updated to Ubuntu 20.04. To install it, see Configure automatic log upload for continuous reports.

Microsoft Defender for Cloud Apps (formerly MCAS) – Release 218 and 219

Atlassian app connector available in public previewA new app connector for Atlassian is available in public preview. You can now connect Microsoft Defender for Cloud Apps to Atlassian to monitor and protect users and activities. For more information, see Connect Atlassian to Microsoft Defender for Cloud Apps (Preview).

Continuous Access Evaluation in Azure AD [General Availability]

CAE introduces real-time enforcement of account lifecycle events and policies, including: Account revocation Account disablement/deletion Password change User location change User risk increase On receiving such events, app sessions are immediately interrupted and users are redirected back to Azure AD to reauthenticate or reevaluate policy. With CAE, Microsoft has introduced a new concept of Zero …

Microsoft Defender for Cloud Apps (formerly MCAS) – Release 216 and 217

Non-Microsoft activities in advanced huntingNon-Microsoft apps activities are now included the CloudAppEvent table in Microsoft 365 Defender advanced hunting. For more information, see the Microsoft 365 Defender Tech Community blog post. NetDocuments API connector is now in general availabilityThe NetDocuments API connector is in general availability, giving you more visibility into, and control over, how your NetDocument app is …

Cookie	Duration	Description
__gads	1 year 24 days	The __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and also verify the clicks from ads on the Bing search engine. The cookie helps in reporting and personalization as well.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.

Cookie	Duration	Description
_clck	1 year	No description
_clsk	1 day	No description
ApplicationGatewayAffinityCORS	session	No description available.
CLID	1 year	No description
GoogleAdServingTest	session	No description
LiSESSIONID	session	No description available.
LithiumUserInfo	past	No description
LithiumUserSecure	past	No description
LithiumVisitor	1 year	No description available.
original_req_url	past	No description
SM	session	No description available.
SRM_B	1 year 24 days	No description available.

Thibault CHÂTIRON

Upcoming behavior change to the “DoNotRewrite” List

Change to soft-deleted period for inactive mailboxes

[MDO] Password protected download of quarantined messages

Custom organization branding for quarantine notification

Microsoft Defender for Cloud Apps – Release 227, 228, 229, 230 & 231

Rollout of Security Default in Microsoft tenants

MDO – Introducing differentiated protection for priority accounts [General Availability]

Microsoft Defender for Cloud Apps – Release 226

Microsoft Defender for Cloud Apps – Release 225

Dynamic administrative units for users & devices [Public Preview]

Enablement of combined security information registration for Azure Active Directory

Microsoft Defender for Cloud Apps (formerly MCAS) – Release 222, 223 and 224

Sensitivity labels now apply to modified documents

Retirement announcement for AIP Audit Logs pipeline forwarding audit logs to Azure Log Analytics workspaces

[MDO] Some cmdlets will be retired in May 2022

Microsoft Defender for Cloud Apps (formerly MCAS) – Release 221

Microsoft Defender for Cloud Apps (formerly MCAS) – Release 220

Microsoft Defender for Cloud Apps (formerly MCAS) – Release 218 and 219

Continuous Access Evaluation in Azure AD [General Availability]

Microsoft Defender for Cloud Apps (formerly MCAS) – Release 216 and 217

Thibault CHÂTIRON

Follow Blog via Email

Recent Posts

Categories

Archives